Thursday, 22 May 2014

Cassandra 1.1.2 & above versions authorization and authentication

Note :  If you are setup on Cassandra Cluster 

Step1 :

Note : These 2 comments form Cassandra.yaml file
#Please increase system_auth keyspace replication factor if you use this authenticator.
#Please increase system_auth keyspace replication factor if you use this authorizer
1.1 user@cc1:~ cd Cassandra/bin
1.2 user@cc1:~ cd Cassandra/bin$ ./Cassandra    … it start Cassandra
1.3 Connect to CQL client another shell
user@cc1:~ cd Cassandra/bin$ ./cqlsh
Connected to Test Cluster at localhost:9160.
cqlsh 4.1.1 | Cassandra 2.0.7 | CQL spec 3.1.1 | Thrift protocol 19.39.0]
Use HELP for help.
 cqlsh>
 Note : update the system_auth
 cqlsh> select * from system.schema_keyspaces;
 Note: replication_factor = 1 (by default)
 cqlsh> ALTER KEYSPACE "system_auth"    WITH REPLICATION ={ 'class'
 : 'SimpleStrategy', 'replication_factor' : 3 };

Now it set to 3.

Step2:    Edit the Cassandra.yaml file as 

# authentication backend, implementing IAuthenticator; used to identify users
#authenticator: org.apache.cassandra.auth.AllowAllAuthenticator
authenticator: org.apache.cassandra.auth.PasswordAuthenticator
# authorization backend, implementing IAuthorizer; used to limit access/provide
permissions
#authorizer: org.apache.cassandra.auth.AllowAllAuthorizer
authorizer: org.apache.cassandra.auth.CassandraAuthorizer
Once above changes are made and save to the cassandra.yaml file, the database cluster can be started/re-started so that internal authentication and
authorization are now enabled.

Step 3: 

Next, start up Cassandra using the default user name and password (cassandra/cassandra) and start cqlsh using the same credentials.
Connection to Cqlsh
user@cc1:~ Cassandra/bin$ ./cqlsh -u cassandra -p cassandra
Connected to Test Cluster at localhost:9160.
[cqlsh 2.2.0 | Cassandra 1.1.9.1-SNAPSHOT | CQL spec 3.0.0 | Thrift protocol 19.33.0]
Connection to Cassandra-cli  without credentials, You will get below exception:

Connection to Cassandra-cli  with credentials.


Here it show the KEYSPACES available in Cluster.
EDIT the default PASSWORD
cqlsh> alter user cassandra with password 'new_password';
cqlsh> create user rakesh with password 'admin_manager' superuser;
cqlsh> create user user1 with password 'user1';

Listing of all users: 


Users can be removed via the drop command:
cqlsh> drop user user1;



Acknowledgements

Thank you Rakesh Budagam and David Letchumanan for this post.

Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)